Saturday, July 08, 2006

I have been looking at virtualization as a mechanism for defeating rootkit technology and other types of Trojan for some time.

Microsoft has been working on this type of scheme for some time. It is likely to be the only way to manage the transition from an entirely unrestricted consumer O/S to a system where a Winnie the Pooh Treehouse game cannot insist on having full root privileges to run. One of the open questions has been how to get this technology adopted into the Linux mainstream. The OSS world is great at developing niche technologies to support ultra security for a few. It is much less good than it thinks at deploying state-of-the-art security to the masses.

That is why XenSource is so interesting. Xen is not a full virtual machine implementation; it is a para-virtual machine. Instead of instructions being pre-empted at the CPU level, the pre-emption takes place at a different layer in the stack. The architecture ends up looking remarkably like Butler Lampson's security monitors.